The Slack App
Slack conversations are never fully private. Did you know that a systems administrator or your boss could potentially read your Slack messages? With the scrt.link App you can now protect sensitive information within your Slack conversation.
Secrets for Slack
Create one-time secrets via shortcut or slash command.
Encrypted, disposable messages that are stored outside of Slack.
Burn notification after a secret has been viewed.
No logs, no backup, no trace.
Important information about security limitations
Due to the nature of how Slack apps are designed, full end-to-end encryption is not possible. We take a number of steps to make sure your secrets are safe, including encrypted connections, sandboxed application server, limited access to infrastructure, etc. In 99% of use cases this is fine and a risk worth taking - still, Slack is proprietary software where we don't have control over. In other words, if you need advanced protection, create secrets on the website instead.
How to use
The easiest and most versatile option is to use a slash command (
/scrtopens a dialog to create a secret.
[secret goes here…]creates a secret link instantly (of type Text).
/scrt [text|link|neogram]opens a dialog to create a specific type of secret.
/scrt help: opens a help dialog.
There are global and message level shortcuts available.
- Click ⚡️ to access global shortcuts and choose scrt.link.
- Within a conversation, click the context menu icon (3 dots) and choose Reply with a secret.
This is a built in feature. You get notified when a secret has been viewed. We use a 🔥 emoji to indicate when a secret has been burned and the link is therefore no longer available.
Is the Slack App secure?
The honest answer: We can't know for sure. It's important to understand that end-to-end-encryption is not possible with Slack apps. However, the communication between our app server and Slack is encrypted and we therefore believe that for 99% of use cases it's safe to use. Still, please be aware that Slack is proprietary software and we don't have control over code that runs your Slack instance. In case you need to be 100% sure, create secrets via the website instead.
Why should I trust you?
Short answer: Don't. That said, we believe in trust through transparency. While you might have something to hide, we don't. That's why all code is open source and available on Gitlab. Feel free to launch your own private Slack App.
What data do you collect?
We only store data that is necessary to run the app. When you install the app, you grant us specific access rights (e.g. the right to post a secret link in your name). This data includes basic Slack user information (e.g. username, id) as well as the individual authorization tokens. Additionally, we temporarily store data required for read receipts.
We don't store any other data. We do not repurpose, sell or distribute any data we collect. Even if we wanted to, we are not able to identify you as a person, since only Slack may have the relevant information to do so.
Why isn't this app approved by Slack?
First, it's important to understand that this app can still be installed and used in the exact same way as officially listed apps. That said, we tried to submit our app to the Slack App Directory to get listed. But since Slack is literally "restricting the approval of apps that facilitate the sharing of sensitive information" we were not able to do so. Now think about this for a minute. And afterwards, help us spread the word 🥰
What permissions are required?
The app requires basic information about the user, channels and conversations. Additionally, the app needs the permission to post in your name, join a conversation and make use of slash commands and shortcuts. You'll get more detailed information about permission scopes during the app installation.
Do I need an account to use the Slack app?
No. Currently not. You are welcome.
Do I need a premium subscription to use the Slack app?
No. You are very welcome. But, you may of course support this project with a paid subscriptions regardless 🤓.